Telecom operators worldwide are being forced to spend increasingly on cybersecurity, driven not only by rising cyber threats but also by poorly aligned and inconsistent regulations across countries.
A new industry study revealed that mobile network operators currently spend between $15 billion and $19 billion annually on core cybersecurity activities. If current trends continue, this figure is expected to surge to between $40 billion and $42 billion by 2030.
While operators acknowledge cybersecurity as a critical responsibility, experts warn that badly designed regulations are now a major cost driver. In many markets, rules are fragmented, overly prescriptive, and sometimes contradictory, forcing operators to focus more on compliance than on actual security improvements.
Mobile networks sit at the heart of modern digital life, supporting banking, healthcare, education, government services, and daily communication. However, operators say they are increasingly trapped between defending their networks and meeting complex regulatory demands from multiple authorities.
The study found that in several countries, operators must comply with overlapping cybersecurity rules from different agencies. In some cases, a single cyber incident must be reported multiple times in different formats, creating duplication and inefficiency.
There are also regulations that emphasize “box-ticking” exercises, requiring operators to deploy specific tools or follow rigid procedures rather than addressing risks based on real-world threats. One operator revealed that up to 80 per cent of its cybersecurity team’s time is spent on audits and compliance tasks instead of threat detection or incident response.
The research, which covered operators across Africa, Asia-Pacific, Europe, Latin America, the Middle East, and North America, showed that the problem is global. For companies operating in multiple countries, fragmented national regulations increase complexity, raise costs, and can even introduce new security weaknesses.
Despite these challenges, operators insist that securing mobile networks remains a top priority for customers and society. However, the report warns that unilateral and poorly coordinated regulatory approaches risk undermining those efforts.
To address the issue, the study calls on governments and regulators to adopt harmonized, risk-based cybersecurity frameworks. Recommendations include aligning policies with international standards, ensuring consistency with existing rules, focusing on outcomes rather than rigid procedures, and strengthening collaboration between regulators and industry.
The report also highlights the importance of a security-by-design approach and stronger institutional capacity within cybersecurity authorities to ensure effective implementation.
As digital services continue to expand and societies become increasingly dependent on mobile networks, cybersecurity spending will inevitably rise. The warning is clear: without coordinated, outcome-focused regulation, telecom operators may continue to spend more while achieving less real security.
